Malware Alert - "RBC Secure Doc" Email Message

On May 3, 2017, many uregina.ca email addresses received an email with a subject similar to "RBC Secure PDF / PDF Sécurisé" This email reports to be from RBC, but is fraudulent.  The attachment to the document will attempt to run malware on your computer if opened.  

Do not click on this open the attached file. Please delete this message.

The message appears similar to the following, and will include an attachment named "SecureMessage.doc" or similar.

The attachment provided in the email address attempts to infect any the computer with malware.  Malware is a catch-all term for various malicious software, including viruses, adware, spyware, browser hijacking software, and fake security software.

Once installed on your computer, these programs can seriously affect your privacy and your computer's security.  

In this case, the file uses a Office Macro.  Macros automate frequently-used tasks; many are created with VBA and are written by software developers. However, some macros pose a potential security risk. A person with malicious intent can introduce a destructive macro, in a document or file, which can spread a virus on your computer.

If you received this message, please delete it immediately if you have not already done so. If you inadvertently clicked a link and entered your credentials, please change your password right away to something you have not used recently. If you inadvertently clicked on the attached file, please contact the IT Support Centre as soon as possible as your system may have been infected:

• Go to the Information Services homepage at http://www.uregina.ca/is and click "Change Password" in the Quicklinks on the right side.
• Additionally, if malware protection is not installed, up to date/current, or is not running, it is recommended that you ensure a malware scan has been completed.

Users should also ensure that macros are do not run by default across their Office suite.  Users with managed machines and Office 2013 installed will already be configured as such.